On attribute-based usage control policy ratification for cooperative computing context
This work addresses security conflicts in open information systems for cooperative computing, but it is incremental as it builds on existing attribute-based and usage control methods.
The paper tackles the problem of dynamic security policy management in cooperative computing contexts by proposing an attribute-based usage control policy scheme, which ensures aggregated policies correctly interpret original security goals through a policy ratification method based on policy aggregation algebra.
In an open information systems paradigm, real-time context-awareness is vital for the success of cooperation, therefore dynamic security attributes of partners should considered in coalition for avoiding security conflicts. Furthermore, the cross-boundary asset sharing activities and risks associated to loss of governance call for a continuous regulation of partners' behavior, paying attention to the resource sharing and consuming activities. This paper describes an attribute-based usage control policy shceme compline to this needs. A concise syntax with EBNF is used to summarize the base policy model. The semantics of negotiation process is disambiguated with abductive constraint logic programming (ACLP) and Event Calculus (EC). Then we propose a policy ratification method based on a policy aggregation algebra that elaborate the request space and policy rule relation. This method ensures that, when policies are aggregated due to resource sharing and merging activities, the resulting policy correctly interprets the original security goals of the providers' policies.